- Posts: 2
- Thank you received: 0
LAN access
21 years 4 weeks ago #1376
by moose
LAN access was created by moose
My company has a win2000 environment, with only 1 domain. A user brings in his home laptop and connects it to the company network without IT's pre-approval. His laptop runs win2000, configured to be part of Workgroup. He does not need to log on to the network, but still can map to known shared folders on the network. We would like to block this method, to safeguard our network against viruses, etc from non-company PCs. Is there a way to disable the 'Workgroup' or force all PCs to be part of the domain?
- Streaminghack
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
19 years 10 months ago #6503
by Streaminghack
Replied by Streaminghack on topic MAC address
I say the best way to stop not autorized pc on a LAN is to have a whitelist of MAC address. Any MAC not no the list can't get on the network. BTW for wireless networks this is not good security its too easy to Spoof your MAC
19 years 10 months ago #6509
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: LAN access
Unfortunately MAC addresses are too easily spoofed.
There is no technical solution for this, its a policy and procedure problem from where I'm standing.
There is no technical solution for this, its a policy and procedure problem from where I'm standing.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
19 years 10 months ago #6512
by Wizmatic
Replied by Wizmatic on topic Re: LAN access
You can blacklist his MAC address by assigning a different ip to him that is not in the same range as your network which will prevent him from connecting to the network and using it's resources.
19 years 10 months ago #6548
by nske
Replied by nske on topic Re: LAN access
Wizmatic, not necessarily, as sahirh said, the validity of mac addresses can not be determined. Spoofing the mac addr. can be as simple as issuing an ifconfig command in unix or changing a key at the registry in windows.
19 years 10 months ago #6552
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: LAN access
Yep, I've seen this at many large organisations as well... there is just no way to rely on network addresses (either logical or physical) for authentication, simply because they are so easily changed..
In Linux I believe its as simple as
ifconfig eth0 hw addr ether xx-xx-xx-xx-xx-xx
or something like that...
So you really need to work out the proper policies to prevent the laptop threat.
In Linux I believe its as simple as
ifconfig eth0 hw addr ether xx-xx-xx-xx-xx-xx
or something like that...
So you really need to work out the proper policies to prevent the laptop threat.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.133 seconds